CVE-2025-8668 PUBLISHED

Reflected XSS in E-Kalite Software Hardware Engineering's Turboard

Assigner: TR-CERT
Reserved: 06.08.2025 Published: 11.02.2026 Updated: 11.02.2026

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard allows Reflected XSS.This issue affects Turboard: from 2025.07 through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
CVSS Score: 9.4

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co.
Product	Turboard
Versions	Default: affected affected from 2025.07 to 11022026 (incl.)

Credits

Mert TURAN finder

References

https://www.usom.gov.tr/bildirim/tr-26-0060

Problem Types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') CWE

Impacts

CAPEC-591 Reflected XSS